Method and device for authenticating a user on a remote server

ABSTRACT

A method is provided for authenticating a user (10) on a remote server (16 a, 16 b, 16 c) of a network (18), comprising the steps of receiving an authentication request from said remote server (16 a, 16 b, 16 c) of said network (18) by a terminal device (14), retrieving an authentication key from a personal trusted device (12) in which a plurality of network addresses of remote servers (16 a, 16 b, 16 c) and corresponding authentication keys are stored in a database, and displaying said authentication key to the user (10) on said personal trusted device (12).

[0001] The present invention relates to the authentication of a user on a remote server in a network, requiring an authentication key to allow for access to its services. In particular the invention relates to automatic password retrieval and access control.

[0002] The number of access control points on remote servers in a network such as the internet grows tremendously. Authentication is important to enable safe transactions over open channels which can easily be distorted or recorded for spying. A typical concept of allowing for access is to provide an authentication key to the user such as a user login name and a corresponding password, or a personal identification number (PIN), which is a somewhat simpler means. Due to the large number of access control points, it is difficult for the user to memorise all the different access control information. Very often users try to bypass this problem by using the same login name and password or PIN for all relevant sites, a solution that obviously compromises security, because figuring out the authentication key of one of those sites would imply that all other sites are open for unwanted access as well.

[0003] U.S. Pat. No. 6,182,229 discloses a client system operated by a user having access to a plurality of remote servers requiring passwords for access. The client system maintains a database of encrypted passwords and user identifications for remote servers with which the user is registered. The access to the database is protected by a master password. In such a system the user has to remember one master password only, and passwords of the remote servers might be chosen at random, thus enhancing the security.

[0004] U.S. Pat. No. 6,112,078 discloses a method for obtaining at least one item of a user authentication key, wherein the user authentication key is obtained at least partly by using paging or short message service (SMS) messages. If the user needs to recall an authentication key he may request an external information service secured by a password.

[0005] Both methods suffer from a major security problem, since the databases containing the information of all passwords and user identifications for remote servers with which the user is registered are connected to a public communication network and may be accessed from a remote server. Thus it will be sufficient to break the single master password so as to gain access to all network addresses and the corresponding authentication keys for remote servers with which the user is registered. Not only the authentication keys, but also the important information as to which remote servers the user is registered with, may thus be obtained.

[0006] The object of the present invention is therefore to provide a more secure method for retrieving information about authentication keys of a user for remote servers with which the user is registered.

[0007] Accordingly, the present invention provides a method for authenticating a user on a remote server of a network. It comprises the steps of receiving an authentication request from one remote server of the network by a terminal device, retrieving respective authentication keys from a personal trusted device in which a plurality of network addresses and respective authentication keys are stored in a database; and displaying the authentication key to the user on the personal trusted device.

[0008] The network might be any network, such as the internet, a mobile communication network, or an intranet, and comprises a client server or terminal device used by the user and at least one remote server rendering access to his data and services by authentication of the user only. The user might store multiple network addresses, preferably a uniform resource locator (URL), e.g. an address starting with “http” or “https”, or a uniform resource identifier (URI), and the corresponding authentication keys, which preferably are a user login name and a corresponding password or a personal identification number. Hence, he is enabled to choose his authentication on different remote servers at random, thus enhancing the security of access to the plurality of network addresses. The information is stored in a personal trusted device, only accessible to the user. If an authentication request from one remote server of the network is received by the terminal device, the address and/or name of the remote server is transferred to the personal trusted device.

[0009] In a preferred embodiment of the present invention, the method further comprises a step of encryption before information about network addresses and the corresponding authentication keys is stored on the personal trusted device. Likewise the authentication keys retrieved from the database are decrypted before being displayed to the user on the personal trusted device. This step, along with the following embodiments of the present invention, assures that all relevant information stored on the personal trusted device is difficult to retrieve without having the user's access rights on the personal trusted device.

[0010] In another preferred embodiment of the present invention, the method further comprises the step of requesting a user's authentication to start the authentication key retrieval on the personal trusted device. This step ensures that, even if a person other than the user has got access to the personal trusted device, he must provide an authentication only known to the user to get relevant information about the network addresses of remote servers with which the user is registered, and the corresponding user login names and passwords.

[0011] In yet another embodiment of the present invention, the authentication key retrieval is closed automatically if it remains inactive for a predetermined period of time. If the user loses the portable trusted device or leaves the application key retrieval running while another person is having access to the personal trusted device, it is thus ensured that the application key retrieval is closed automatically, in most cases before any relevant information can be corrupted.

[0012] In still another embodiment of the present invention, the step of retrieving the authentication keys is carried out upon transmitting the network address of the remote server to the personal trusted device. The transmission might be automatic, thus providing an easy application of the method according to the present invention to the user. She need not transfer the network address to the personal trusted device herself, which might be cumbersome if the address is a long string of numbers or symbols.

[0013] According to another aspect of the invention, a computer program is provided, by the implementation of which a software method for authenticating a user on a remote server of a network can be executed. By using a computer program for the execution of the method for authenticating a user on a remote server of a network, the method can easily be implemented in a computer or in a personal trusted device. Preferably the computer program is implemented as a Java application or applet. This favourable implementation is chosen so as to enable the computer program to be run on different devices and to enable already sold devices to be upgraded with the authentication key retrieval, e.g. by simply downloading the applet from a remote server on the Internet.

[0014] According to another aspect of the invention, a computer program product is provided that contains a computer readable medium which stores a program for the execution of a method for authenticating a user on a remote server of a network.

[0015] According to yet another aspect of the invention, a personal trusted device is provided, comprising a storage means for storing a plurality of network addresses and respective authentication keys in a database, an authentication key retrieval means for retrieving a respective authentication key from the database upon entry of a network address, and a display for displaying the retrieved authentication key.

[0016] Preferably, the personal trusted device is a mobile communication device such as a mobile phone or a paging device such as a pager. A mobile device is favourable since it assures that the personal trusted device is strictly user owned and can be transported by the user to any place, if desired. Thus the authentication key retrieval might be available to the user, whatever terminal device connected to the network he is using.

[0017] According to a fourth aspect of the present invention, a communication network is provided comprising at least one terminal device, an access point in communication for the terminal device and forming part of the network, and a personal trusted device. Such a communication network might be a personal computer system connected via the internet to a remote server, such as the server of a bank, an insurance company, an e-commerce provider, etc. Yet it might be a mobile communicator having access via a wireless telecommunication network to an access point that is connected to the internet.

[0018] Preferably, the terminal device is connected to the personal trusted device. This might be done either by a wired link or by a wireless connection. Preferably, the wireless connection is achieved by a Bluetooth connection, an infrared connection or an ultraviolet connection. Connecting the terminal device by a wired link or wireless connection to the personal trusted device is arranged to ease the transfer of the internet address of the remote server requesting an authentication key from the terminal device to the portable device. Favourably, this connection is one-way only, allowing information to be transferred solely from the terminal device to the portable trusted device. It is a major feature of the present invention that information stored on the portable trusted device is merely displayed to the user, who has to transfer it to the terminal device. This step enhances security.

[0019] Moreover, in an additional embodiment of the present invention, the personal trusted device might be used as an access device to ?? the remote server, in which case the internet address is passed to the authentication key retrieval without sending it to the personal trusted device. The content of this paragraph is not entirely clear to us. If it is to be understood as meaning that the PTD itself accesses the internet, it is not really relevant to the present invention and the paragraph can be deleted.

[0020] In another additional embodiment, the database containing a plurality of internet addresses and corresponding authentication keys may be transferred from one personal trusted device to another, a procedure that might be necessary if the existing personal trusted device is replaced by a new device or if it is used in parallel with a second device. An emerging standard for data interchange is SyncML, an XML based approach for data synchronisation and interchange. Yet it should be noted that a data transfer to another device involves major security problems. Therefore a simple protection against data corruption may be a transfer of the database to another personal trusted device by a subscriber identity module (SIM) card or a memory card having a storage means for storing the database, that can be transferred from one device to the other, or a transfer that is only allowed if the SIM cards of both devices are conjoined.

[0021] The memory or SIM card can also store the database permanently and is accessed by different personal trusted devices of the same user when the card is connected to this personal trusted device.

[0022] In any case such a transfer should be secure, and it is noted that there exist many possible ways to ensure a safe transfer known to a person skilled in the art.

[0023] It should be noted that the description so far has been related to a terminal device connected to a remote server via a network. This terminal device can be a personal computer which might be located in private housings, offices, or public spaces and so forth. Yet, in another possible embodiment of the present invention, the terminal device may be a cash retrieval device such as an ATM connected to a bank remote server or any other commercial device delivering a service or a value, which device does not necessarily have to be connected to a remote server (i.e. the terminal device and the remote server are identical) provided that an authentication of the user is requested before delivering a service or value.

[0024] A more complete appreciation of the invention and many other attendant advantages thereof will be readily obtained, as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings, wherein:

[0025] FIG. 1 shows a block diagram of a user retrieving an authentication key to access a remote server, and

[0026] FIG. 2 shows a diagram of a preferred embodiment of the method according to the present invention.

[0027] As shown in FIG. 1, a user 10 having a personal trusted device 12, comprising a storage means 12 a, an authentication retrieval means 12 b and a display 12 c, is requiring access to a remote server 16 a, 16 b, 16 c by using a terminal device 14, the remote server 16 a, 16 b, 16 c and the terminal device 14 being connected via a network 18. By simultaneously referring to FIG. 2, the method of authentication key retrieval will now be explained. The remote server 16 a, 16 b, 16 c is requiring a user authentication to allow for an access to its services and/or information. According to a preferred embodiment of the present invention, the remote server 16 a, 16 b, 16 c is sending its authentication request via the network 18 to the terminal device 14. The terminal device 14 prompts the authentication request to the user 10. The user 10 then starts the authentication key retrieval on the personal trusted device and transfers the internet address or the URL of the remote server 16 a, 16 b, 16 c requesting authentication to the personal trusted device 12, in order to retrieve the corresponding authentication key. In another embodiment of the present invention the terminal device 14 and the personal trusted device are connected, either by a wired link or by a wireless connection such as a Bluetooth, IR or UV connection. In this case, the authentication key retrieval may be started directly on the personal trusted device 12 by the terminal device 14, if an authentication request is prompted, and the internet address or the URL of the remote server 16 a, 16 b, 16 c requesting authentication may be transferred automatically to the personal trusted device 12.

[0028] After the internet address or URL of the remote server 16 a, 16 b, 16 c requesting authentication is transferred to the personal trusted device 12, the corresponding authentication key is searched for in the database on the personal trusted device 12. If it is found, the corresponding authentication key is displayed on a display (12 c) of the personal trusted device to the user 10, who may provide the authentication key to the terminal device 14, from where it is transferred to the remote server 16 a, 16 b, 16 c.
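
The device-side retrieval of paragraphs [0009] to [0011] and [0028], as an added Python example that is not part of the patent text: records are sealed under keys derived from the user's PIN, the retrieval closes after an idle period, and lookup is by the exact origin of the transmitted address. The class and function names, the PBKDF2 parameters, the 60-second idle limit and the HMAC-based sealing (a standard-library stand-in for an authenticated cipher such as AES-GCM) are assumptions.

```python
import hashlib, hmac, os, time
from urllib.parse import urlsplit

def origin(address):
    """Reduce a URL to scheme://host:port so each server has exactly one index."""
    u = urlsplit(address.strip())
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError("unsupported network address")
    return f"{u.scheme}://{u.hostname}:{u.port or (443 if u.scheme == 'https' else 80)}"

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (assumption)
    ks = b"".join(_mac(key, b"ks::", nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class TrustedDeviceVault:  # hypothetical model of the database on the device
    def __init__(self, pin, idle_limit=60.0, clock=time.monotonic):
        self._salt, self._idle, self._clock = os.urandom(16), idle_limit, clock
        self._records = {}          # keyed hash of address -> nonce + ciphertext + tag
        self._keys = self._derive(pin)
        self._verifier = _mac(self._keys[1], b"pin:", b"check")
        self._last = clock()

    def _derive(self, pin):
        k = hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 200_000, dklen=64)
        return k[:32], k[32:]       # (encryption key, MAC key); never stored at rest

    def unlock(self, pin):
        """User authentication that starts the retrieval ([0010])."""
        keys = self._derive(pin)
        if not hmac.compare_digest(self._verifier, _mac(keys[1], b"pin:", b"check")):
            return False
        self._keys, self._last = keys, self._clock()
        return True

    def _active_keys(self):
        if self._keys and self._clock() - self._last > self._idle:
            self._keys = None       # automatic close after inactivity ([0011])
        if self._keys is None:
            raise PermissionError("retrieval closed: user authentication required")
        self._last = self._clock()
        return self._keys

    def store(self, address, login, password):
        enc, mac = self._active_keys()
        idx, nonce = _mac(mac, b"idx:", origin(address).encode()), os.urandom(16)
        ct = _xor_stream(enc, nonce, f"{login}\n{password}".encode())
        self._records[idx] = nonce + ct + _mac(mac, b"tag:", idx + nonce + ct)

    def retrieve(self, address):
        """Return (login, password) to display, or None if the address is unknown."""
        enc, mac = self._active_keys()
        idx = _mac(mac, b"idx:", origin(address).encode())
        blob = self._records.get(idx)
        if blob is None:
            return None
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, _mac(mac, b"tag:", idx + nonce + ct)):
            raise ValueError("record failed integrity check")
        return tuple(_xor_stream(enc, nonce, ct).decode().split("\n", 1))
```

Because records are indexed by a keyed hash of the address, the stored database reveals neither the credentials nor which servers the user holds accounts on, the second exposure named in paragraph [0005].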

[0029] This application contains the description of implementations and embodiments of the present invention with the help of examples. It will be appreciated by a person skilled in the art that the present invention is not restricted to details of the embodiments presented above, and that the invention can also be implemented in another form without deviating from the characteristics of the invention. The embodiments presented above should be considered as illustrative, but not restricting. Thus, the possibilities of implementing and using the invention are only restricted by the enclosed claims. Consequently, various options of implementing the invention as determined by the claims, including equivalent implementations, also belong to the scope of the invention.

1. Method for authenticating a user (10) on a remote server (16 a, 16 b, 16 c) of a network (18), comprising the steps of receiving an authentication request from said remote server (16 a, 16 b, 16 c) of said network (18) by a terminal device (14), transmitting the network address of said remote server (16 a, 16 b, 16 c) to a personal trusted device (12), retrieving a respective authentication key from said personal trusted device (12), wherein a plurality of network addresses of remote servers (16 a, 16 b, 16 c) and corresponding authentication keys are stored in a database of said personal trusted device (12), and displaying said authentication key to the user (10) on said personal trusted device (12).
2. Method according to claim 1, where said authentication keys are a user login name and a password.
3. Method according to claim 1, where said authentication key is a personal identification number (PIN).
4. Method according to any of the preceding claims, where said network addresses are uniform resource locators (URLs) or uniform resource identifiers (URIs).
5. Method according to any of the preceding claims, further comprising the step of encrypting said network addresses and authentication keys before storing in said database on said personal trusted device (12), and a step of decrypting said authentication key retrieved from said database on said personal trusted device (12) before displaying it to the user (10) on said personal trusted device (12).
6. Method according to any of the preceding claims, further comprising the step of requesting the user's (10) authentication before starting the authentication key retrieval.
7. Method according to any of the preceding claims, where the authentication key retrieval is closed automatically, if it remains inactive for a predetermined period of time.
8. Computer program comprising program code means for performing all the steps of any one of the preceding claims, when said program is run on a computer or a mobile terminal device.
9. Computer program according to claim 8, implemented as a Java applet.
10. Computer program product comprising program code means stored on a computer readable medium for performing the method of any one of claims 1 to 7, when said program product is run on a computer or a mobile terminal device.
11. Personal trusted device comprising a storage means (12 a) for storing a plurality of network addresses and respective authentication keys in a database, an authentication key retrieval means (12 b) for retrieving a respective authentication key from said database upon entry of a network address, wherein the authentication retrieval means (12 b) is connectable to a terminal device from where the network address of a remote server (16 a, 16 b, 16 c) can be transmitted to said personal trusted device (12), whereupon said authentication key retrieval means (12 b) retrieves the corresponding authentication key, and a display (12 c) for displaying said retrieved authentication key.
12. Personal trusted device according to claim 11, being a mobile terminal device.
13. Personal trusted device according to claim 11 or 12, being a paging terminal device.
14. Communication network comprising at least one terminal device (14), an access point in communication for said terminal device (14) and forming part of a network (18), and a personal trusted device (12) comprising a storage means (12 a) for storing a plurality of network addresses and respective authentication keys in a database, an authentication key retrieval means (12 b) for retrieving a respective authentication key from said database upon entry of a network address, wherein upon transmitting the network address of a remote server (16 a, 16 b, 16 c) to said personal trusted device (12) said personal trusted device (12) operates said authentication key retrieval means (12 b) to retrieve the corresponding authentication key, and a display (12 c) for displaying said retrieved authentication key.
15. Communication network according to claim 14, where said terminal device (14) is connected to said personal trusted device (12).
16. Communication network according to claim 15, where said terminal device (14) is connected to said personal terminal device (12) by a wired link.
17. Communication network according to claim 15, where said terminal device (14) has a wireless connection to said personal trusted device (12).
18. Communication network according to claim 17, where said terminal device (14) is connected to said personal terminal device (12) by a bluetooth connection.
19. Communication network according to claim 17, where said terminal device (14) is connected to said personal terminal device (12) by an infrared (IR) connection.
20. Communication network according to claim 17, where said terminal device (14) is connected to said personal terminal device (12) by an ultraviolet (UV) connection.